Security News This Week: 9 Out of 10 Websites Leak Your Data to Third Parties
This week, hackers won a million dollar bounty for discovering a long-sought iOS zero-day. Federal lawmakers introduced the Stingray Privacy Act,
a new bill that would require state and local lawmakers to get a
warrant before using the invasive surveillance devices. The world got
its first look at the full text of the Trans-Pacific Partnership trade pact. We found out the UK’s TalkTalk telecom hack may not be as bad as it looked. Android users can finally use Open Whisper Systems’ RedPhone app and TextSecure messaging app in one app, called Signal. And Crackas With Attitude, the teens who hacked CIA Director John Brennan, are back with a new hack.
But that’s not all. Each Saturday we round up the news stories that
we didn’t break or cover in depth at WIRED, but which deserve your
attention nonetheless. As always, click on the headlines to read the
full story in each link posted. And stay safe out there!
Turns Out 90 Percent of the Internet’s Top Sites Leak Your Data to Third Parties
It’s no secret that websites typically send user data to third
parties (usually without the user’s knowledge or consent), but new peer-reviewed research
published by University of Pennsylvania privacy researcher and doctoral
student Tim Libert shows that the scale of this is enormous—nine out of
ten sites are leaking user data to an average of nine external domains.
That means a single site you visit will, on average, send your data to nine
outside domains. Tim Libert cites Google as the worst culprit, but
gives Twitter props for respecting browsers’ Do Not Track setting. He
also points out that the NSA has leveraged commercial tracking tools in
order to monitor users. For added privacy, using Tor is your best bet,
Libert told Motherboard, so long as you don’t log into any accounts
(Gmail, Facebook, etc.) while you’re on it.
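The "external domains per site" figure above is something a site owner can measure for their own pages. The script below is an added example, not the article's or the researcher's own tool: it parses a constructed sample page, collects every URL the browser would fetch (scripts, images, iframes, stylesheets), and reports which registrable domains other than the page's own would receive a request. It assumes a simplified registrable-domain rule (last two DNS labels) in place of the Public Suffix List.

```python
"""Count the third-party domains a page would contact when loaded.
Added example (not from the article). Assumes a constructed sample page and a
simplified registrable-domain rule (last two labels, no Public Suffix List)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs that make the browser fetch a resource, which sends a
# request (with Referer and cookies) to whoever hosts it.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src",
               "link": "href", "source": "src"}


def registrable_domain(host: str) -> str:
    """Simplification: last two DNS labels. Real audits use the Public
    Suffix List so that e.g. bbc.co.uk does not collapse to co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class _ResourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append(value)


def third_party_domains(page_url: str, html: str) -> list:
    """Sorted registrable domains, other than the page's own, that the
    page's embedded resources would be fetched from."""
    first_party = registrable_domain(urlparse(page_url).hostname)
    collector = _ResourceCollector()
    collector.feed(html)
    found = set()
    for url in collector.urls:
        host = urlparse(url, scheme="https").hostname  # handles //host/path
        if host and registrable_domain(host) != first_party:
            found.add(registrable_domain(host))  # relative URLs are first party
    return sorted(found)


# Constructed sample page; the tracker hosts are placeholders, not real sites.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//cdn.example-ads.net/tag.js"></script>
</head><body>
<img src="https://pixel.example-ads.net/p.gif">
<iframe src="https://widgets.example-social.com/embed.html"></iframe>
<img src="/img/logo.png"></body></html>"""

if __name__ == "__main__":
    print(third_party_domains("https://news.example.org/story", SAMPLE_HTML))
```

Run it against your own saved HTML to see how many outside domains a single page view reaches; note that scripts can add further requests at runtime, which static parsing does not see.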
The Pentagon Outsourced Its Coding to Russia (What Could Go Wrong?)
A four-year federal investigation revealed this week that the
Pentagon has outsourced work writing software for sensitive US military
communication systems to Russian programmers. Contractor John C.
Kingsley discovered the Russian-contracted software had built-in holes
that left the Pentagon’s communication system vulnerable to viruses. The
two firms involved, Massachusetts-based NetCracker Technology
Corporation and Virginia-based Computer Sciences Corporation (which had
subcontracted the work), agreed to pay fines of $11.4 million and $1.35
million, respectively. Outsourcing work on classified systems to anyone
who’s not a US citizen with approved security clearance violates federal
regulations, as well as the company’s contract.
Iran Hacks Obama Administration Officials
Iran’s Revolutionary Guard Corps recently hacked email and social
media accounts of Obama administration officials, including ones working
at the State Department’s Office of Iranian Affairs and its Bureau of
Near Eastern Affairs. The surge of attacks, particularly targeting US
officials working on Iran policy, coincided with the arrest of
Iranian-American businessman Siamak Namazi in Tehran last
month. Namazi, an energy industry executive and business consultant,
has pushed for stronger diplomatic and economic ties between the US
and Iran. The IRGC’s intelligence arm confiscated Namazi’s computer and
ransacked his family’s home, according to his friends and business
associates. However, it’s also possible the attacks were connected to
other geopolitical issues, such as the nuclear deal with Iran.
The UK Wants to Force Companies to Retain Users’ Web Histories for a Whole Year
The UK’s home secretary Theresa May is trying to pass the
Investigatory Powers Bill, a law that would require UK-based internet
companies to retain the web browsing history of everyone in Britain for a
year. The bill would also allow police and intelligence officers to see
which sites people have visited—without a warrant.
Although it doesn’t go so far as banning internet and social media
companies from offering encryption they themselves can’t bypass, a move
that UK Prime Minister David Cameron recently suggested,
the bill would require these companies “to take reasonable steps” to
respond to warrants “in an unencrypted form,” leading to concerns that
internet and social media companies would be forbidden from offering
encryption they can’t bypass. The bill also gives GCHQ permission to
essentially hack into any computer in the world.
MI5 Secretly Collected Phone Data for More Than 10 Years
The UK’s MI5 has been secretly collecting data from phone calls,
texts, and emails of British citizens for the past decade—and apparently
most of the UK cabinet didn’t know about it. This mass surveillance
began after the 9/11 attacks in 2001, and MI5 ratcheted it up in 2005.
The information emerged
when Home Secretary Theresa May revealed a draft of the
privacy-invading Investigatory Powers Bill that would empower Britain to
spy on its citizens’ web-browsing histories.
Firefox Now Does a Better Job Protecting Your Web Browsing From Tracking
Mozilla has added a new Tracking Protection feature available to
Firefox’s Private Browsing mode. Similar to plugins such as Privacy
Badger and Ghostery, this mode blocks trackers (including ads that track
you). This offers more protection than Google Chrome’s Incognito mode but less than Tor. EFF staff technologist Noah Swartz points out
that Mozilla could provide even more protection by turning on Tracking
Protection for users who have enabled the Do Not Track setting even when
they’re not in private browsing mode.
Paying Ransom Didn’t Help ProtonMail When It Got Hit With DDoS Attacks
The encrypted email service ProtonMail caved to demands for a ransom
after a group of hackers hit it with DDoS attacks—first with a brief
15-minute attack, which was followed by a massive attack that took down
its ISP, routers, and data center. But paying up didn’t solve the
problem. ProtonMail believes the second attack, the one that took it offline,
came from a different group, which it says exhibited capabilities
possessed by state-sponsored actors. The site was offline for 24 hours,
and hackers hit it again on Friday morning. ProtonMail has launched a
fundraising campaign to raise money to defend against future attacks of
this scale.
The Economist’s Ad Blocking Circumvention Tool Exposed Its Users to Malware
PageFair is an analytics service that allows news publishers to
circumvent ad blockers on their websites. But then PageFair was hacked
on Halloween, and 501 publishers were affected by the breach.
The Economist was one of them, and hundreds of its users running Windows OS may have downloaded malware disguised as an Adobe update.
The Economist
learned that the malware is a keylogger, which allows it to record user
keystrokes and obtain passwords, bank details, and other personal data.
The site has warned customers about the risk. Luckily,
The Economist’s own systems have not been compromised.